CISOs Look to Machine Learning to Augment Security Staffing Shortages


By Ray Pompon

We’re in an exciting time in our profession. There is a lot of new technology, a huge demand for our skills, and a bright future that promises only more work for us. Yet, this excitement is a two-edged blade. We often hear from peers about how hard it is to hire good security folks. My email box gets at least one mention a week from a peer looking for folks to bolster their team. But beyond anecdotes, we have data, as well. The F5 and Ponemon survey, The Evolving Role of CISOs and their Importance to the Business, found that 58% of CISOs reported “difficulty in hiring qualified security personnel.”

The ever-growing complexity of technology and security controls makes this situation worse. A “qualified security person” may seem like a singular job role to most outside of IT, but the reality is far more complex.

As of this moment, there are 77 different security certifications,1 some of which overlap and some that are widely divergent. The National Institute of Standards (NIST) has classified 33 distinct areas of cybersecurity work within its Cybersecurity Workforce Framework.2 You can’t just hire a “security person” and expect them to be competent in every one of these areas, so we need to hire lots of people with different skills. These specializations are opaque to the outsider—including the Human Resources department.

So, what’s a CISO to do? Looking at the F5 Labs Ponemon report, we find that half of surveyed respondents say machine learning is important to address security staffing shortages. Furthermore, 70% of CISOs report that machine learning will be important to their IT security functions in the next two years.

Using machine learning (ML) systems to enhance the capabilities of a security team makes sense. We don’t have enough people to look at all the alerts, vulnerabilities, and threat feeds. Worse, under a deluge of data, humans get tired and produce inconsistent results. Because of the wide spectrum of expertise, training, and experience, human bias can creep into the results. Yet, a machine learning system, once trained with enough correct statistics, can produce consistent and usable results. Machine learning excels at classifying a population of data into buckets, which makes it good at anomaly detection and finding hidden relationships. In some cases, machine learning can be trained by being fed presorted data, and in other cases it can learn unsupervised without help. However, it is far from perfect.

So instead of relying on these kinds of systems alone, CISOs can use the machine learning analysis as a “first cut.” That way, the most interesting results bubble up for expert review and action. You can increase the quantity and quality of analysis with the same staffing levels. Mike Simon, CTO of Critical Informatics, is doing that.

As with any technology, there is a danger that attackers can game the machine learning system to their advantage. There is already ongoing research in preventing the injection of adversarial examples to skew results.3 Security always has been and always will be an arms race. As machine learning in security is growing, this is definitely an area worth keeping an eye on.

Ray Pompon is a Principal Threat Research Evangelist with F5 Labs. With over 20 years of experience in Internet security, he has worked closely with federal law enforcement in cyber-crime investigations. He was directly involved in several major intrusion cases, including the FBI undercover Flyhook operation and the NW Hospital botnet prosecution. He is the author of IT Security Risk Control Management: An Audit Preparation Plan published by Apress books.
